~wgrant/ubuntu-cve-tracker/mainold

« back to all changes in this revision

Viewing changes to active/CVE-2008-1382

Committer: William Grant
Date: 2008-04-19 08:08:17 UTC
mfrom: (1065.2.58 ubuntu-cve)
Revision ID: william@qeuni.net-20080419080817-274tzbq5c88enccc

Merge from master.

files added:
active/00boilerplate.xpdf

active/CVE-2007-0071

active/CVE-2007-6019

active/CVE-2007-6712

active/CVE-2008-1100

active/CVE-2008-1382

active/CVE-2008-1655

active/CVE-2008-1687

active/CVE-2008-1688

active/CVE-2008-1693

active/CVE-2008-1721

active/CVE-2008-1722

active/CVE-2008-1761

active/CVE-2008-1762

active/CVE-2008-1764

active/CVE-2008-1766

active/CVE-2008-1796

retired/CVE-2008-1658

files renamed:
active/CVE-2008-1374 => retired/CVE-2008-1374

active/CVE-2008-1429 => retired/CVE-2008-1429

active/CVE-2008-1515 => retired/CVE-2008-1515

active/CVE-2008-1612 => retired/CVE-2008-1612

files modified:
README

active/CVE-2007-0175

active/CVE-2007-6531

active/CVE-2008-1080

active/CVE-2008-1081

active/CVE-2008-1082

active/CVE-2008-1531

active/CVE-2008-1720

ignored/not-for-us.txt

scripts/check-syntax

scripts/cve_lib.py

scripts/sync-from-versions.py

Show diffs side-by-side

added added

removed removed

active/CVE-2008-1382

Candidate: CVE-2008-1382

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382

Description:

libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through

1.4.0beta19 allows context-dependent attackers to cause a denial of service

(crash) and possibly execute arbitrary code via a PNG file with zero length

"unknown" chunks, which trigger an access of uninitialized memory.

Ubuntu-Description:

Notes:

Bugs:

Priority: low

Discovered-by: Tavis Ormandy

Assigned-to:

Patches_libpng:

upstream_libpng: released (1.2.27)

dapper_libpng: needed

edgy_libpng: needed

feisty_libpng: needed

gutsy_libpng: needed

devel_libpng: needed

Older »